{"id":225407,"date":"2026-03-19T07:02:00","date_gmt":"2026-03-19T11:02:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/19\/cisa-urges-us-orgs-to-secure-microsoft-intune-systems-after-stryker-breach\/"},"modified":"2026-03-19T15:15:15","modified_gmt":"2026-03-19T19:15:15","slug":"cisa-urges-us-orgs-to-secure-microsoft-intune-systems-after-stryker-breach","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/19\/cisa-urges-us-orgs-to-secure-microsoft-intune-systems-after-stryker-breach\/","title":{"rendered":"CISA urges US orgs to secure Microsoft Intune systems after Stryker breach"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-businesses-to-secure-microsoft-intune-systems-after-stryker-breach\/\">CISA urges US orgs to secure Microsoft Intune systems after Stryker breach<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-businesses-to-secure-microsoft-intune-systems-after-stryker-breach\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-businesses-to-secure-microsoft-intune-systems-after-stryker-breach\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-19 07:02:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>CISA warned U.S. organizations to follow Microsoft guidance to strengthen the Intune endpoint management tool after a cyberattack exploited it to wipe medical technology giant Stryker&#8217;s systems.<\/p>\n<p>Microsoft published guidance on hardening Intune administrative controls days after Stryker was breached in an incident claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group.<\/p>\n<p>The hackers claim that they stole 50 terabytes of data before using the built-in wipe command in Microsoft&#8217;s Intune cloud-based endpoint management tool to wipe nearly 80,000 devices in the early morning of March 11.<\/p>\n<p>As BleepingComputer was told by a source familiar with the incident, they carried out the attack using a new Global Administrator account created after compromising an administrator account.<\/p>\n<p>Now, CISA urged all U.S. organizations to harden their Intune environments to make them more resilient against similar attacks that could target their own networks.<\/p>\n<p>&#8220;CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment,&#8221; the U.S. cybersecurity agency said on Wednesday.<\/p>\n<p>&#8220;To defend against similar malicious cyber activity, CISA urges organizations to harden endpoint management system configurations using the recommendations and resources provided in this alert.&#8221;<\/p>\n<p>CISA&#8217;s list of recommendations applies to Microsoft Intune and other endpoint management software, and it requires IT administrators to use a least-privilege approach for admin roles, assigning only the necessary permissions through Microsoft Intune&#8217;s role-based access control (RBAC).<\/p>\n<p>Admins should also enforce MFA and privileged-access hygiene to block unauthorized access to privileged actions in Intune (via Microsoft Entra ID features such as Conditional Access, risk signals, and MFA) and require multi-admin&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-businesses-to-secure-microsoft-intune-systems-after-stryker-breach\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CISA urges US orgs to secure Microsoft Intune systems after Stryker breach https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-warns-businesses-to-secure-microsoft-intune-systems-after-stryker-breach\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":225408,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2025\/01\/13\/CISA--headpic.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24],"class_list":["post-225407","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225407"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=225407"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225407\/revisions"}],"predecessor-version":[{"id":225409,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225407\/revisions\/225409"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/225408"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=225407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=225407"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=225407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}